worktree-setup-hook
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill instructs the user to install a post-checkout hook that automatically executes
setup.shorscripts/setup.shfrom the repository root. - Evidence: The documentation in
SKILL.mdandsetup-guide.mdexplicitly states that it runs these scripts if present. - Risk: Malicious repositories can include a
setup.shto execute arbitrary commands immediately upon the user runninggit worktree add. - [REMOTE_CODE_EXECUTION] (HIGH): The installed hook automatically detects and runs package managers (
npm,yarn,pip,cargo,go,bundle) to install dependencies. - Evidence:
SKILL.mdsection 'Package Manager Detection' lists automatic execution of install commands for multiple languages. - Risk: Many package managers execute lifecycle scripts (e.g.,
postinstallin npm) during the installation process, providing another vector for automatic RCE from untrusted repositories. - [EXTERNAL_DOWNLOADS] (MEDIUM): The hook triggers network operations to fetch packages from public registries (PyPI, npm, etc.) automatically.
- Risk: This facilitates supply chain attacks and unexpected data usage without user intervention during a standard git operation.
- [CREDENTIALS_UNSAFE] (LOW): The hook is designed to automatically copy
.envand.env.localfiles across worktrees. - Risk: While a convenience feature, it automates the duplication of sensitive credentials, potentially exposing them if the new worktree environment is less secure or if the setup scripts it triggers are malicious.
Recommendations
- AI detected serious security threats
Audit Metadata